Cannot add a new item in the keychain. Error code: -25243. in ADAL iOS

Question

I have integrated microsoft's ADAL library for iOS in my iOS objective C project. I authenticated the azure's proxy share point site and keep the app in idle state for more than an hour. After I activate the app and click on any hyper-link I get the following error

Error Domain=WebKitErrorDomain Code=102 "Frame load interrupted" UserInfo=0x1452d320 {NSErrorFailingURLKey=https://login.windows.net/*someToken*/oauth2/authorize?response_type=id_token&client_id=319ef615-4cb2-4e65-97bd-69a5fed167a4&scope=openid&nonce=90069b91-cacd-40a1-ae3e-13fbc0e50dff&response_mode=form_post&redirect_uri=https%3a%2f%2fintranetspqa.xyz.com%2fpages%2ffeed.aspx&state=AppProxyState%3a%7b%22IsMsofba%22%3afalse%2c%22OriginalQuery%22%3a%22%22%7d, NSErrorFailingURLStringKey=https://login.windows.net/*someToken*/oauth2/authorize?response_type=id_token&client_id=319ef615-4cb2-4e65-97bd-69a5fed167a4&scope=openid&nonce=90069b91-cacd-40a1-ae3e-13fbc0e50dff&response_mode=form_post&redirect_uri=https%3a%2f%2fintranetspqa.xyz.com%2fpages%2ffeed.aspx&state=AppProxyState%3a%7b%22IsMsofba%22%3afalse%2c%22OriginalQuery%22%3a

followed by

Cannot add a new item in the keychain. Error code: -25243. Attributes: {
    acct = cHJhcGF0aWxAZXF1aW5peC5jb20;
    svce = "MSOpenTech.ADAL.1|aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tLzcyYWRiMjcxLTJmYzctNGFmZS1hNWVlLTlkZTZhNTlmNmJmYg|CC3513A0-0E69-4B4D-97FC-DFB6C91EE132|YzczOWU0ZmItNTE1ZC00N2JhLWIzOGMtZTk2MjZjOGRhODAy";
}. ErrorCode: 11.
2015-09-08 16:41:36.154 ProjectName[32578:3728597] ADALiOS [2015-09-08 11:11:36 - C739E4FB-515D-47BA-B38C-E9626C8DA802] ERROR: Error raised: 11. Additional Information: Domain: ADAuthenticationErrorDomain ProtocolCode:(null) Details:Cannot add a new item in the keychain. Error code: -25243. Attributes: {
    acct = cHJhcGF0aWxAZXF1aW5peC5jb20;
    svce = "MSOpenTech.ADAL.1|aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tLzcyYWRiMjcxLTJmYzctNGFmZS1hNWVlLTlkZTZhNTlmNmJmYg|MzE5ZWY2MTUtNGNiMi00ZTY1LTk3YmQtNjlhNWZlZDE2N2E0|YzczOWU0ZmItNTE1ZC00N2JhLWIzOGMtZTk2MjZjOGRhODAy";
}. ErrorCode: 11.

Ignore some token and xyz in above urls.

I have implemented the required methods as mentioned in ADAL github . I referred ADAL forum and following links iOS Keychain SecItemAdd returns -25243 and How to share keychain data between iOS applications

I have two questions that might solve this issue : 1. If this is keychain sharing issue, what changes shall I make in project.entitlements file? 2. If I have to call refresh token to keep the user authenticated, how shall I call it using ADAL as I referred this link

Answer 1

It appears that when you go to use the refresh token you fail as you don't have entitlements for the iOS keychain of the app that contains the refresh token. Let's try a few things:

1. Can you make sure that you are using the "Capabilities" tab of your Target for your iOS app and that it is the same across all your applications?

2. Make sure you have setSharedKeychainGroup: set in ADAL. This tells ADAL what keychain group you want to use for shared SSO.

From the Header file:

/*! The name of the keychain group to be used if sharing of cache between applications is desired. Can be nil. The property sets the appropriate value of defaultTokenCacheStore object. See apple's documentation for keychain groups: such groups require certain entitlements to be set by the applications. Additionally, access to the items in this group is only given to the applications from the same vendor. If this property is not set, the behavior will depend on the values in the entitlements file (if such exists) and may not result in token sharing. The property has no effect if other cache mechanisms are used (non-keychain). */ @property (getter = getSharedCacheKeychainGroup, setter = setSharedCacheKeychainGroup:) NSString* sharedCacheKeychainGroup;